A Primer on the PIM Framework

How enterprise risk management practices impact the Standard & Poor’s rating process.

Fortnightly Magazine - June 2007

About a year ago, Standard & Poor’s expanded the methodology used to review and assess the enterprise risk management practices of U.S. energy firms with trading desks. The methodology, known as the PIM framework, focuses on the three aspects of policies, infrastructure, and methodology, and produces a comprehensive evaluation of a firm’s risk management. The importance of each of these aspects in a company’s risk culture, and our opinion of its risk management quality, will depend on that company’s size, complexity, and range of risk.

Strong enterprise risk management is vital to the financial health and creditworthiness of energy companies with trading desks. Energy traders take complex risks every day, so energy companies have to be able to identify risks correctly and have the right tools to measure those risks. If risk-management practices are inadequate or are poorly integrated, the rating can suffer.

Incorporating PIM into the rating process enables rating companies to understand a company’s management better. Analysts now think not just about current risks and control processes, but also about potential and emerging risks, and how those fit into the risk assessment framework.


In PIM, policies incorporate business strategy, risk tolerance, and risk authorities and disclosure. Energy companies with trading desks must have appropriate risk-management tools and policies that are not just consistent with their goals, but are also clearly articulated, well understood, and well communicated throughout the enterprise.

Key elements of that policy should include consistency and linkages between strategy and risk management, clear risk policies, and effective internal and external disclosure of the level and complexity of its risk-taking. In addition, senior management must be engaged in the process, and corporate governance must be engaged through accountability, effective board access, authority, and management reporting.

Processes must be in place to monitor risk authority limits and enforce consequences for exceeding those limits. Disclosure policies must be clear, reporting timely and accurate, and internal operations procedures such as valuation of collateral, knowledge of counterparties, risk limits, and trade reconciliation must be well-documented and well-executed.


The infrastructure aspect focuses on technology, personnel, data, and operations, and the level of firm-wide integration the risk management function has achieved. A firm’s technology needs to be commensurate with its risk-management needs. Commodity traders at energy firms routinely take complex risks, so the firms need sophisticated integrated technology to comprehensively and correctly analyze those risks and their impact on the enterprise.

We assess the risk-management staff by evaluating their seniority, education, career paths, and training. We also look at whether their compensation is linked to risk-management goals, and whether the department’s budget is sufficient for its needs.

Transaction sources, market data quality and integrity, and back office staff and operational quality also are examined. We consider back office operations integral, so we assess not just procedures and controls, but the operations staff’s training, education and knowledge as well.


Measuring operational risk